Chinese threat actor may have exploited SolarWinds. New SolarWinds vulnerabilities reported. Spyware in South Sudan. BEC gift card scams rise.

Cyber Attacks, Threats, and Vulnerabilities

Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency - sources (Reuters) Suspected Chinese hackers exploited a flaw in software made by SolarWinds Corp to help break into U.S. government computers last year, five people familiar with the matter told Reuters, marking a new twist in a sprawling cybersecurity breach that U.S. lawmakers have labeled a national security emergency.

Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities (Trustwave) In this blog, I will be discussing three new security issues that I recently found in several SolarWinds products. All three are severe bugs with the most critical one allowing remote code execution with high privileges. To the best of Trustwave’s knowledge, none of the vulnerabilities were exploited during the recent SolarWinds attacks or in any “in the wild” attacks.

3 New Severe Security Vulnerabilities Found In SolarWinds Software (The Hacker News) 3 New Severe Security Vulnerabilities Found In SolarWinds Orion and Serv-U FTP Server Software

WSJ News Exclusive | Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says (Wall Street Journal) SolarWinds CEO Sudhakar Ramakrishna says hackers accessed at least one of the company’s Office 365 accounts by December 2019, and then leapfrogged to other accounts used by the company.

Beyond SolarWinds: The "Octopus Scanner" Supply Chain Attack - Cycode (Cycode) Last week, on New Year’s Eve, Microsoft announced that the SolarWinds attackers had been deeper in their environment than previously believed and had viewed Microsoft’s source code.

A Unique Supply Chain Attack: The 2020 Sawfish - Cycode (Cycode) For attackers targeting technology businesses, the goal is often stealing intellectual property and other data, which can either be sold for profit or used for other purposes.

SolarWinds hack turning into Pandora’s box of cyber-risk (Compliance Week) The more we learn about the SolarWinds hack, the more troubled compliance officers should be by the scope and breadth of the risks their companies might have incurred.

Recent root-giving Sudo bug also impacts macOS (ZDNet) A bug in the Sudo app can let attackers with access to a local system to elevate their access to a root-level account.

A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets (Vice) Technical analyses by Citizen Lab and Motherboard found links between a fake version of WhatsApp and Cy4Gate, an Italian surveillance firm that works with cops and intelligence agencies.

Israeli cyber firm sold spytech to South Sudan, investigation finds (Haaretz) Amnesty International reveals South Sudan is waging an aggressive campaign against journalists, human rights activists and critics – and Verint's spy-tech plays a role.

South Sudan worked with Israeli surveillance company to monitor citizens, Amnesty finds (CyberScoop) South Sudan has been using surveillance capabilities from Israeli company Verint to spy on citizens, Amnesty International found.

South Sudan: Rampant abusive surveillance by NSS instils climate of fear (Amnesty) South Sudan’s National Security Service is using abusive surveillance to terrorize activists, leading to a climate of intense fear and self-censorship.

Beware Of Fake Maybank2U Website That Looks So Realistic It's Successfully Scammed Malaysians Of Their Money (TRP) Be careful or you'll lose your money

This Linux malware is hijacking supercomputers across the globe (ZDNet) Kobalos’ codebase is tiny, but its impact is not.

Malicious script steals credit card info stolen by other hackers (BleepingComputer) A threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer.

Personal Data of 3 Million+ People Exposed In DriveSure Hack (RBS) The Cyber Risk Analytics research team at Risk Based Security captures and analyzes thousands of data breaches annually. When it comes to breaches, larger or well-known organizations are usually given the most attention due to the potential damage a breach can cause. However, even data from a small

Remote workers are printing confidential documents at home (Security Magazine) New research reveals 66% of home workers in the U.K. are potentially breaching GDPR regulations by printing work related documents at home, including meeting notes, contracts, commercial documents, payroll documents, CVs and more. Many are aware of GDPR rules, however, say they have no choice but to print such documents while working remotely.

Babyk Ransomware won't hit charities, unless they support LGBT, BLM (BleepingComputer) The Babyk ransomware operation has launched a new data leak site used to publish victim's stolen data as part of a double extortion strategy. Included is a list of targets they wont attack with some exclusions that definitely stand out.

Ransomware: How They Work and How to Defend Against Them (The State of Security) An exploration of the most significant ransomware families of 2020: Tycoon, Ryuk and REvil. How they work and some defence best practices.

Ransomware gangs made at least $350 million in 2020 (ZDNet) The figure represents a 311% increase over ransomware payments recorded the previous your, in 2019.

Ransomware Newcomers Include Pay2Key, RansomEXX, Everest (GovInfo Security) Ransomware operations continue to come and go. The notorious Maze ransomware gang retired last year, apparently replaced by Egregor, while new operators, such as

Ransomware gangs now have industrial targets in their sights. That raises the stakes for everyone (ZDNet) Industrial environments make an alluring target for criminals distributing ransomware as attacks have the potential to cause massive disruption - organisations need to act now to secure their networks.

Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection (ZDNet) The malware now attempts to disable Microsoft antivirus protection.

The Cybersecurity 202: Vaccine distribution unleashes new cybersecurity risks (Washington Post) Security experts and government officials are bracing for a wave of cyberattacks targeting the coronavirus vaccine distribution process.

Siemens SIMATIC HMI Comfort Panels & SIMATIC HMI KTP Mobile Panels (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC HMI Comfort Panels, SIMATIC HMI KTP Mobile Panels Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to gain full access to the device(s) if the Telnet service is enabled.

Rockwell Automation MicroLogix 1400 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: MicroLogix 1400 Vulnerability: Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the vulnerability affects the following MicroLogix 1400 controllers:

Huge labor department printing mistake results in data breach (VTDigger) Names, addresses, Social Security numbers mixed up on tax forms mailed Friday; about 180,000 of the forms will be reissued.

'Completely unacceptable': Data breach compromised info of 1.6 million Washingtonians who sought unemployment (king5.com) The Washington state auditor said those potentially affected include people who filed for unemployment benefits from Jan. 1 to Dec. 10, 2020.

Outrage over unemployment data breach (Q13 FOX) The data breach adds insult to injury for more than 1.5 million people who have filed unemployment claims in Washington state.

Data of 2.5 mn Airtel users in J&K allegedly leaked; telco says no breach (Business Standard) A sample of the leaked database was shared on Twitter by cybersecurity researcher Rajshekhar Rajaharia which shows masked details of the subscribers

Actor Exploits Beaumont Health’s COVID-19 Vaccine Scheduling Tool (HealthITSecurity) This week's breach roundup is led by a Beaumont Health security incident. An actor exploited a flaw in Epic's scheduling tool, which allowed 2,700 people to make unauthorized COVID-19 vaccine appts.

The Better Business Bureau is warning people not to post their Covid-19 vaccination cards on social media (CNN) No matter how excited you are about getting your vaccine, the Better Business Bureau is warning you: Avoid sharing photos of your Covid-19 vaccine cards.

'Hackable?": Report Raises Tech Security Concerns Among NY State Court Officials (New York Law Journal) The report said survey respondents did “not appear to be properly protecting their personal devices through generally accepted security features, such as multifactor authentication, which puts court-related work at considerable risk.”

Report: Data Breach Exposed 323K Records Including Sensitive Court Files (Website Planet) Originally published on January 25th, 2021 On September 26th, 2020 the WebsitePlanet research team in cooperation with Security Researcher Jeremiah

Baldwin Wallace University was targeted for cyber attack (WKYC) The university says it has not discovered any compromised personal information as of yet.

Blog: I Am Nidhi Razdan, Not A Harvard Professor, But... (NDTV) Back in June 2020, I had announced on Twitter that I was moving on from NDTV after nearly 21 years to join Harvard University as an Associate Professor to teach journalism.

Baldwin Wallace University was targeted for cyber attack (WKCY) The university says it has not discovered any compromised personal information as of yet.

Georgetown County still experiencing connectivity issues following cyber attack (WMBF News) Georgetown County continues to work with cyber security experts to recover systems and analyze the full extent of its network’s breach last month, officials said.

South Carolina County Still Reeling from January Cyber-Attack (Infosecurity Magazine) Georgetown County still working to repair network brought down by cyber-criminals

State tourism department reports data breach; no social security, financial data compromised (Tulsa World) No visitors’ or Oklahoma residents’ Social Security numbers or financial data were impacted by the incident, the agency said.

Security Patches, Mitigations, and Software Updates

About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave (Apple Support) This document describes the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave.

PSA: If you use NoxPlayer to play Android games on PC, you should probably reinstall it (xda-developers) NoxPlayer users beware. A hacker group has gained access to the Android emulator's server infrastructure and has pushed malware to a few users in Asia.

Microsoft Defender now detects macOS system, app vulnerabilities (BleepingComputer) Microsoft announced that Defender for Endpoint will now also help admins discover OS and software vulnerabilities affecting macOS devices on their organization's network.

Cyber Trends

New Siemplify Research Reveals Shift to Remote Work Leads to More Threats, But Cybersecurity Postures Stronger Than Pre-Pandemic for Many - Siemplify (Siemplify) Siemplify, the leading independent provider of security orchestration, automation and response (SOAR), today released...

Identity Theft Awareness Week starts today (Federal Trade Commission) Among the challenges that COVID-19 has brought, add a higher risk of identity theft to the mix.

DH2i Pre-Pandemic State of Virtual Private Networks (VPNs) Survey Reveals Inadequate Security Number One VPN Pain Point | DH2 (DH2i) This report uncovers the pre-pandemic challenges of VPNs that are driving the movement towards holistic Software Defined Perimeter solutions.

Salt Security Report Reveals API Security Concerns are Inhibiting Business Innovation (BusinessWire) Salt Security today released the results of the industry’s first API security report, revealing that API security concerns are inhibiting innovation.

Cyberthreat’s Most Effective Attack Vector Is the Economy (SIGNAL Magazine) Economic espionage by China is a key element of the Middle Kingdom's thrust to overtake the United States as the preeminent global power.

What the Last 20 Years of Cyberthreats Have Taught Us (Channel Futures) While the history of cyberthreats is vast and complex, information security has experienced three pivotal eras over the last 20 years that have shaped the cybersecurity industry into what we know it as today.

Kaspersky: Moroccans Not Concerned About Cyber Security (Morocco World News) Morocco is ranked in the top ten countries for the highest volume of malware attacks according to a study by cybersecurity company Kaspersky.

Marketplace

SecurityAdvisor Raises $7.3 Million to Increase Organizational Resilience Through the Real-Time Delivery of Personalized Cybersecurity Awareness Training (BusinessWire) SecurityAdvisor raises a $7.3 million Series A funding round led by ClearSky Security.

Verint completes spin-off of Cognyte Software (KMWorld) Separation enables Verint to focus solely on customer engagement

HelpSystems Acquires Digital Defense to Enhance Cybersecurity Portfolio (PR Newswire) HelpSystems announced today the acquisition of Digital Defense, a leader in vulnerability management and threat assessment solutions. Digital...

Aprio Announces Acquisition of Syzygy Solutions and Velossent (PRWeb) Aprio, LLP, a nationally-recognized, top 50 CPA-led business advisory firm, announced today that it has acquired highly acclaimed digital transformation and cybe

NuWave and PCI Merge to Create BigBear.ai, Forming a Decision Dominance Platform Serving the National Defense and Intelligence Communities (PR Newswire) NuWave Solutions ("NuWave") and PCI Strategic Management ("PCI") announced today that they have merged to form BigBear.ai ("the Company"),...

Carlyle Group buys, rebrands two government contracting firms in hot M&A market (Washington Business Journal) The massive private equity firm hopes the deal creates a national security tech powerhouse.

NINJIO Ranks Highest and Only Customers’ Choice 2021 (NINJIO) NINJIO is the Only Vendor recognized as a Gartner Peer Insights Customers’ Choice 2021 for Security Awareness Computer-Based Training

Onfido delivers record revenue year for fiscal 2020 (Onfido) 82% increase in global ARR fueled by strong demand from enterprises

Kevin Mandia: Discovering SolarWinds Hack ‘Validates Our Intelligence and Expertise’ (CRN) The fact that FireEye was the first to realize they’d been attacked in the massive, months-long SolarWinds campaign validates the company’s intelligence and expertise, CEO Kevin Mandia said.

Palo Alto Networks Stock Is Spiking After an Analyst Predicted a Boost From Security Spending (Barron's) Security software provider Palo Alto Networks is trading sharply higher on Tuesday after Credit Suisse analyst Brad Zelnick raised his rating on the stock to Outperform from Neutral, with a new price target of $425, up from $385.

CrowdStrike stock gains on report that Chinese hackers exploited SolarWinds (NASDAQ:CRWD) (SeekingAlpha) Reuters sources say suspected Chinese hackers exploited the Russia-linked SolarWinds (NYSE:SWI) breach to gain access to U.S.

Darktrace Experiences Surge in Demand Driven by WFH and Wave of Sophisticated Cyber-Attacks (PR Newswire) Darktrace has today announced strong demand for its latest product release, Version 5 of its self-learning Darktrace Immune System, as...

IBM’s new path to a six-figure salary doesn’t require a college degree (Fortune) The pipeline is no longer school-to-work as much as school-AND-work.

Jeff Bezos to step down as Amazon CEO, Andy Jassy to take over in Q3 (CNBC) AWS CEO Andy Jassy will replace Jeff Bezos as CEO during the third quarter of this year.

Jeff Bezos to Step Down as Amazon CEO (Wall Street Journal) The Amazon founder will shift to executive chairman and hand over the CEO role later this year to Andy Jassy, who has run the company’s booming cloud computing business.

Former FBI Special Agent and Branch Chief of Cyber-Integrity, Ted Theisen, Returns to Ankura's Cyber Practice as a Senior Managing Director (PR Newswire) Ankura, a global business advisory and expert services company, is pleased to announce that Ted Theisen has rejoined its Cyber Practice as a...

Axis Security Names Deena Thomchick as Vice President of Product Marketing (PR Newswire) Axis Security, a leading provider of Zero Trust Network Access, announced today the addition of Deena Thomchick as vice president of product...

Products, Services, and Solutions

One Identity Enables Identity-Centric Security Through New SaaS IGA and PAM Solutions (One Identity) Full power of One Identity Manager and One Identity Safeguard are available via SaaS through the One Identity Cloud, enabling a cloud-based identity security strategy. New offerings deliver cloud without compromise for IGA and PAM, Cloud-based offerings to enable Zero Trust architectures.

Cymulate Recognized as the #1 Innovation Leader in Breach and Attack Simulation Market by Frost and Sullivan (PR Newswire) Cymulate, the only SaaS-based Continuous Security Validation platform to operationalize the MITRE ATT&CK® framework end-to-end, announced today...

Telos Awarded $13.5M FBI Contract for Enterprise Risk Management (GlobeNewswire) Bureau’s Enterprise Information Security Section to leverage Xacta to meet stringent GRC requirements

Why Managed Service Providers (MSPs) should think small for success: Check Point’s new Quantum Spark™ security gateways for SMBs bring major new Security-as-a-Service opportunities - Check Point Software (Check Point Software) Today’s cyber-landscape is tough for small to midsize businesses (SMBs). Criminals and hackers have stepped up their attacks dramatically over the past

Insight series: The Evolution of Secure Components (GlobalPlatform) An exploration of the evolution of Secure Elements (SEs) and Trusted Execution Environments (TEEs)

Aniview Partners with White Ops to Fend Off Sophisticated Bot Attacks and Safeguard the Integrity of Video Advertising (BusinessWire) Aniview, a leading provider of holistic end-to-end ad-serving solutions for publishers, announced a new partnership with White Ops, the global leader

Arista launches a zero trust security framework for the digital enterprise (Help Net Security) Arista Multi-Domain Macro-Segmentation Service is a suite of capabilities for integrating security policy with the network.

Tempered Networks Launches Airwall Teams: Free, Zero Trust Remote Access and Private Network Solution (Yahoo) Industrial-Strength Private Overlay Network Secures Any Device, Anywhere in the World

Wickr To Enable Secure, Cross-Platform Collaboration and Compliance (BusinessWire) Wickr Inc., the world’s most secure collaboration platform, today announced the general availability of “Global Federation”, a feature that will allow

Canopy Speeds Data Breach Response with New Capabilities for Response Teams to Review and Extract Protected Data (BusinessWire) New Spreadsheet Mapping, Table Mapping, and Automated Column Matching Features Accelerate Protected Spreadsheet and Tabular Data Review

Technologies, Techniques, and Standards

How security teams can prevent a 47-day patching handicap (SC Media) While Apple gets headlines for discovering zero-days, today’s columnist, Ed Bellis of Kenna Security, says true zero-days are rare. Bellis says the vast majority of vulnerabilities are patched before CVE publication. However, in the rare case when exploits predate the availability of a patch, attackers get a 47-day head start – and that’s something security teams need to focus on.

How to Ensure Your Remote Team are Operating Safely (BusinessMole) Even before COVID, remote working was starting to become increasingly popular. However, once the coronavirus hit, many businesses had to shift their way of operating, resulting in millions of peopl…

Hackers are targeting your practice — here's how to fight back (Medical Economics) The cyber threat against healthcare businesses is exploding, and here's what you can do about it, on this week's Medical Economics Pulse.

Design and Innovation

platform one devsecops software (Intelligent Aerospace) Platform One is a standardized and widely-mandated Department of Defense (DoD) DevSecOps Infrastructure program used for future software development.

Instagram’s "recently deleted" feature lets you change your mind about deleting a post (The Verge) An effort to keep your content on the platform.

Huawei’s HarmonyOS appears to just be a forked version of Android (The Verge) To even try Huawei’s HarmonyOS requires sending the company a copy of your passport and credit card.

Legislation, Policy and Regulation

The Cybersecurity 202: Suspected Chinese hack of SolarWinds raises concerns in Washington (Washington Post) The FBI is reportedly looking at hackers with Chinese ties as the culprits behind another hack of software company SolarWinds.

The Cyberlaw Podcast: Cybersecurity: A British Perspective (Lawfare) The U.S. has never really had a “cyberczar.” Arguably, though, the U.K. has. The head of the National Cyber Security Center (NCSC) combines the security roles of the National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. To find out how cybersecurity issues look from that perspective, we interview Ciaran Martin, the first director of the NCSC.

Office of the Coordinator for Cyber Issues (State Magazine) As more of life’s everyday transactions move online, securing cyberspace has grown into a U.S. national security priority. For the past decade, the Department of State’s Office of the Coordinator for Cyber Issues (S/CCI) has led U.S. cyber diplomacy efforts. While the Bureaus of Information Resource Management (IRM) and Diplomatic Security (DS) […]

‘Foreign Adversaries’ In Tech Supply Chain May Be Under the Microscope (JD Supra) The Information and Communications Technology and Services (ICTS) Rule, if implemented by the Biden Administration, would significantly impact...

Is Biden’s $10B Enough to Make US Cybersecurity Great Again? (SDxCentral) President Joe Biden made cybersecurity a top priority for his administration even before he took office earlier this month.

Op-ed: The best way for Biden to go on the cyber counterattack (CNBC) The best response President Biden has to nation-state cyberattacks like the Solarwinds hack attributed to Russia already exists in our cybersecurity arsenal.

Congress is starting to move on more cyber bills, even if few become law (CyberScoop) Congress dramatically ratcheted up the number of cybersecurity bills introduced in the last two years compared to the prior session of Congress, but that didn’t equate to much more of it becoming law, according to a think tank study out today.

A lofty but critical cybersecurity dream that must turn into reality (TheHill) Elected officials have to reserve more time with this issue.

Former cyber chief pushes for renewed focus on combating disinformation (TheHill) Former Department of Homeland Security (DHS) cyber chief Suzanne Spaulding, a key official involved in the response to Russian interference efforts in 2016, is pushing hard for more to be done to combat disinformation and promote civics education as the nation reels from the fallout of the recent election.

Senate Confirms Mayorkas as Homeland Security Secretary, Buttigieg for Transportation Post (Wall Street Journal) Alejandro Mayorkas will be the first Latino and first immigrant to lead the agency while Pete Buttigieg’s approval as secretary of Transportation makes him the first openly gay person to be approved for a cabinet position.

Senate confirms cybersecurity-focused Alejandro Mayorkas as DHS secretary (CyberScoop) The Senate on Tuesday voted to confirm Alejandro Mayorkas as Homeland Security secretary, a post crucial to the U.S. response to a suspected Russian hacking campaign that has roiled Washington.

Mayorkas’s Experience With Homeland Security Issues Fuels Backers and Critics Alike (Wall Street Journal) Joe Biden’s DHS pick led virus responses and implemented DACA; awarding of green cards to wealthy, politically connected investors will likely draw scrutiny.

House Republicans urge Senate to block vote on Commerce secretary over Huawei (TheHill) A coalition of House Republicans on Tuesday urged their Senate colleagues to place a hold on Gina Raimondo, President Biden’s nominee for Commerce secretary, arguing that she has not clarified her stance on Chinese

DHS names former head of its digital service as its new CIO (Federal News Network) Eric Hysen worked on the Biden transition team before becoming CIO at DHS.

Pentagon deputy nominee wants cyber strategy clarification (Defense News) Kathleen Hicks, deputy secretary of defense nominee, has key questions concerning the department's

Cyberspace battalion continues growth with activation of new company (DVIDS) The 915th Cyberspace Warfare Battalion conducted a ceremony here Jan. 29, 2021 to formally activate its Bravo Company.

Litigation, Investigation, and Enforcement

China's Collection of Genomic and Other Healtcare Data From America: Risks to Privacy and U.S. Economic and National Security (National Counterintelligence and Security Center) Would you want your DNA or other healthcare data going to an authoritarian regime with a record of exploiting DNA for repression and surveillance?

Treasury Secretary Janet Yellen to call regulator meeting on GameStop volatility, seeks ethics waiver (CNBC) Yellen is calling a meeting of key financial regulators this week to discuss market volatility driven by retail trading in GameStop and other stocks.

What Did NSA Do to Help Prevent Supply Chain Attacks? (GovInfo Security) In light of the recent SolarWinds supply chain hack on government agencies and others, 10 Democratic lawmakers are asking the National Security Agency to explain

U.S. Takes Part in Multinational Efforts to Disrupt Netwalker Ransomware and Emotet Malware (JD Supra) On January 27 and 28, 2021, the U.S. Department of Justice (DOJ) announced two successful operations to disrupt two different strains of malware,...

NetWalker Takedown May Not Put an End to Ransomware Attacks (Toolbox Security) The FBI has succeeded in the partial takedown of the NetWalker ransomware, which also led to the indictment of a Canadian hacker and the seizure of $454,530 in cryptocurrency that criminals obtained via ransom payments.

‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered (KrebsOnSecurity) ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate…

Couple used Navy links to steal 9K identities, officials say (Stars and Stripes) Marquis Asaad Hooper, a former chief petty officer with the Seventh Fleet, and Natasha Renee Chalk, a naval reservist stationed at Naval Air Station Lemoore, were indicted by a federal grand jury last week on charges of conspiracy to commit wire fraud, wire fraud, and aggravated identity theft.

Former Navy Chief Petty Officer and Naval Reservist Indicted for ID Theft Scheme (Department of Justice, U.S. Attorney’s Office, Eastern District of California) On Jan. 28, a federal grand jury in Fresno indicted Selma couple Marquis Asaad Hooper, 30, and Natasha Renee Chalk, 37, charging them with conspiracy to commit wire fraud, wire fraud, and aggravated identity theft, U.S. Attorney McGregor W. Scott announced.

Greek police to introduce live facial recognition (Security Magazine) Greek police are set to introduce live face recognition before the summer. By the summer of 2021, the Greek police will receive thousands of devices allowing for live facial recognition and fingerprint identification. The devices will be deployed in everyday police work, according to a Greek police official AlgorithmWatch talked to.

Bangladesh bought spyware from Israeli surveillance company (Al Jazeera) Israeli-made spying tools bought for Bangladesh intelligence service, despite the Asian country not recognising Israel.

Israel firm secretly sold spyware to Bangladesh through a criminal gang (Middle East Monitor) Israeli-made surveillance equipment sold via a convicted criminal is being used by the Bangladeshi government to target political opposition...

Growing outrage, calls for accountability after state auditor's hack puts 1.4 million people at risk (Q13 FOX) Anger and calls for accountability are growing louder following the news that more than 1.4 million people in Washington, who filed for unemployment claims, may have had their personal information stolen in a data breach involving the state auditor's office.

Chinese actor may have exploited SolarWinds. New SolarWinds vulnerabilities. Spyware in South Sudan. BEC gift card scams rise.